Home > Vulnerability Database > CVE-2006-2660

Mend.io Vulnerability Database

CVE-2006-2660

Date: June 13, 2006

Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename.

Severity Score

4.0

Related Resources (12)

Url: http://securitytracker.com/id?1016271

Url: http://www.ubuntu.com/usn/usn-320-1

Url: http://cvs.php.net/viewcvs.cgi/php-src/NEWS?view=markup&rev=1.1247.2.920.2.134

Url: http://secunia.com/advisories/21125

Url: http://securityreason.com/securityalert/1069

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/27049

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2006-2660

Url: http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0209.html

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:122

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-2660

Url: http://www.securityfocus.com/archive/1/436785/100/0/threaded

Url: https://www.mend.io/vulnerability-database/CVE-2006-2660

Severity Score

4.0

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-2660

Date: June 13, 2006

Severity Score

Related Resources (12)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?